If it's a PIX firewall, the MAILGUARD function can cause similar problems. -----Original Message----- From: Daniel Crichton [mailto:danielc@compman.co.uk] Sent: Monday, July 30, 2001 12:03 PM To: firewalls@lists.gnac.net Subject: RE: Problems with MAIL SERVER BEHIND FIREWAAL I'd also check port 113 access - if he's running a mail server that uses ident checking on incoming mail and port 113 outbound is closed it'll really slow incoming mail via SMTP. Best option I've found so far is to disable ident for my own mail server, and open port 113 at the firewall but not run any service on 113 on the mail server to ensure outgoing mail isn't held up by the same issue at destination SMTP servers. Unfortunately my firewall (PIX) doesn't appear to be allow me to specify that I want to close port 113 for incoming connections and issue the appropriate packets to close the connection rather than just drop the packets, otherwise I'd have kept 113 closed for inbound connections too. Dan On 30 Jul 2001, at 17:49, Skough Axel U/IT-S wrote: > This concerns incoming mail! > > Depending on your firewall the problem could be solved in many ways. > > 1. If you use Network Address Translation, make sure that your firewall maps > port 25 (SMTP) to the mail server's address at inside. > > 2. If your mail server is placed in DMZ, make sure that port 25 is opened > for access from outside to the mail server's address > > These are two examples concerning mail transport to your inner server from > outside using SMTP. The POP3 (port 110) is not to be considered as to > process "incoming" mail, it is a way to fetch (copy/move) mail from a > mailbox at the mail server to a local mail client. > > You should have logs enough to see what traffic is rejected and why. > Otherwise turn on logging. What messages appear on the sending mail host? > Could it be "Host not found" ? > > Hope this helps! > > Rgds / Axel > > > -----Original Message----- > From: Ricardo Romero [mailto:ricardo.romero@icec.com.br] > Sent: den 30 juli 2001 13:52 > To: Lista Firewall > Subject: Problems with MAIL SERVER BEHIND FIREWAAL > > > hello, > > I've installed a firewall in the company recently. Our mail server is behind > the firewall. We are having problems to receive mails because it is taking a > long time until we begin to receive it. I 've searched about it and it seems > a problem with the way like firewall handles the ports (110, for example) > and, maybe, the authentication. How could I fix it? > > Thanks a lot, > > Ricardo > > _______________________________________________ > Firewalls mailing list > Firewalls@lists.gnac.net > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ > Firewalls mailing list > Firewalls@lists.gnac.net > http://lists.gnac.net/mailman/listinfo/firewalls --- D.C. Crichton email: danielc@compman.co.uk Senior Systems Analyst tel: +44 (0)121 706 6000 Computer Manuals Ltd. fax: +44 (0)121 606 0477 Computer book info on the web: http://computer-manuals.co.uk/ Want to earn money? Join our affiliate network! http://computer-manuals.co.uk/affiliate/ _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list Firewalls@lists.gnac.net http://lists.gnac.net/mailman/listinfo/firewalls